package com.rceeslca.common.xss;

import cn.hutool.core.util.StrUtil;
import com.rceeslca.common.exception.ErrorCode;
import com.rceeslca.common.exception.RceesLcaException;

/**
 * SQL过滤
 * @author rceeslca
 */
public class SqlFilter {

    /**
     * SQL注入过滤
     * @param str 待验证的字符串
     */
    public static String sqlInject(String str){
        if(StrUtil.isBlank(str)){
            return null;
        }
        //去掉'|"|;|\字符
        str = StrUtil.replace(str,"'","");
        str = StrUtil.replace(str,"\"", "");
        str = StrUtil.replace(str,";","");
        str = StrUtil.replace(str,"\\","");

        //转换成小写
        str = str.toLowerCase();

        //非法字符
        String[] keywords = {"master","truncate","insert","select","delete","update","declare","alter","drop"};

        //判断是否包含非法字符
        for(String keyword : keywords){
            if(str.contains(keyword)){
                throw new RceesLcaException(ErrorCode.INVALID_SYMBOL);
            }
        }

        return str;
    }

}
